I spent a good deal of money on a nice processor and now it's going to get nerfed by at least 20%? I guess it's good they found the bug before it became common knowledge.

Ehm, no. The 20-30 percent number is only for tests that were made to have a lot of the affected operations, and unless you're running virtual machines you're not going to have anything near that.
For real life applications and gaming the difference is more 0 - 4 percent...
which still sucks, but less so.

Well, this is bad news for me, but at least the impact is minimal. Surprised it took so long for someone to discover it, though.

Dude, the Bash bug has a FAR bigger attack surface and was undetected for 20+ years.
That thing, in it's base form, allowed a remote attacker full rights on any system that had bash running (read everything non-windows) and was so incredibly trivial to exploit that you could do it with about a dozen lines of code to fully take over a target system.

I've been using the Brave browser created by a team led by the guy who created JavaScript. With that background and Brave's focus on security, I'd expect that browser to provide the best defense possible from at least the Spectre exploit via JavaScript... but they haven't said anything about it yet.

On the premise that I am no expert... I understand that all CPUs work -fundamentally- in the same way, even though manufacturers end up using different architectures.
(correct me where I am wrong, of course)

So, what I do *not* understand is HOW can different CPUs (built by different companies that have no desire to share their engineering secrets with one another) present the same exploits.

Can anyone shed some light? I am not finding explanations. Plenty of articles parrot the same news, but none goes into detail of what the problem is and how it came to be.

On the premise that I am no expert... I understand that all CPUs work -fundamentally- in the same way, even though manufacturers end up using different architectures.
(correct me where I am wrong, of course)

So, what I do *not* understand is HOW can different CPUs (built by different companies that have no desire to share their engineering secrets with one another) present the same exploits.

Can anyone shed some light? I am not finding explanations. Plenty of articles parrot the same news, but none goes into detail of what the problem is and how it came to be.

-fox

The simple answer is industry standards/best practices. (in the following context)

Most of it boils down to decisions made to help increase IPC in a world where IPC increases are increasingly hard to come by.

From what I've read, the reason modern processors from Intel, AMD and ARM all suffer from the same problem is that they all use the same optimization method of "speculative execution."

That is, they all use a similar technique of guessing what execution path some code will use (and rolling back if they guessed wrong). There's nothing evil about that; it's just a clever performance optimization technique that happens to expose a CPU's kernel to processes that shouldn't have that level of privilege. Oops.

If anything, I'm sort of surprised that the speculative execution thing wasn't patented by one of the big three chip makers, limiting its use by the other two. (Or was it?)